I have enabled IdentityServer on our ASP.NET Zero and Angular web application with the purpose of allowing a 3rd-party application to access a user's resources via an authorization_code oauth flow.
I have used the existing Angular login page as the page that IdentityServer redirects to if the user isn't authenticated, and modified the 'Authenticate' method of the 'TokenAuthController' class to sign-in the authenticated user with IdentityServer.
await _signInManager.SignInAsync(loginResult.User, false);
However, I am getting an error when attempting to subsequently log out via the Angular application. The 'Logout' method of the 'TokenAuthController' class is expecting a claim with the name 'token_validity_key' and this claim seems to no longer exist, and so the application fails to log out.
Is using the Angular login page as part of the oauth flow in this way a recommended option? If not, what do you recommend for the login/logout/consent UI elements for an oauth flow using an ASP.NET Zero application?
I need a solution that allows users, to authenticate using OAuth2 and then access the ASPNetZero API. What do you suggest? Is this native or contemplated with ASPNetZero or is there a simple external solution that might be suitable and scalable?
Do you have latest results of pen testing you have done against this framework?
A
Right now its single web server. Are you aware of any such configuration or setting in environment that could affects this?
We have deployed our application in azure (isolated environment, once instance), but since last few days caching isnt working as expected. We are using default in memory cache. Below are two of the critical scenarios that are failing -
We allow user to upgrade to a plan from tenant login, so after upgrading we are reloading the application. All the tenant details along with the new edition are retrived properly but the newly added permissions are not returned and because of that user cannot access the new features. It was all working fine till last week. Not sure if it is because of the azure app service plan? There were no code changes done related to it. It all works fine on localhost.
Impersonation is failing - error thrown is "Impersonation token is invalid or expired!", so here token is generated but it fails to retrieve it from cache.
Export users to excel is also failing..since its fail to fetch the file token from TempFileCacheManager.
So overall caching is not working as expected. Can you help us to resolve this issue? Also can implementing redis cache will help us to resolve this?
Thanks.
hi there..
with refernece to this: https://github.com/aspnetzero/aspnet-zero-core/pull/2132
Can you advise when this will be released? It's urgent for our project and customers. Much appreciated.
A
hi.. do you have a solution so that users will be automatically logged out after X minutes?
Hi there.. i have a license agreement with you. I'd like access to the GitHub Repo so i can get updates to code please. my github ID is: antpstevens
Great support! Thanks.
i cannot get to the GITHUB .. can you add my username please: antpstevens